Search This Blog

Thursday, October 22, 2009

The insecurity of being transparent in Norway and your right to privacy

This is a random mumbling about the state of transparency in Norway. Don't get me wrong, Norway is a beautiful country to live in. Taxation is heavy and used properly in comparison to other European countries. However, there is one thing that I personally fail to understand. Why on earth everyone's taxation records are on-line, available for everyone to browse.

You see, in Norway, all well known news or business portals have enabled a form into the Skattelister (tax records) data set . So, if you are curious enough to know how much a friend of yours made throughout a tax year, you type his/her first and last names and then you get all sorts of nice information such as:

The exact amount of income of the person.

The exact amount of tax they paid.

The exact valued/declared amount of other property entries they have

Nice comparative graphs to see how the person's income compares to the national/regional/average.

Nice economic indicators of your income expressed in percentage of tax contributed to useful things (i.e. you paid %percentage of a stipendship salary, of a hospital operation).

On one side, this level of transparency promotes some sort of social justice order. You have valid data to observe the distribution of income. You can also spot the injustice by watching the logistical tricks of the super reach (they have zero income or zero property, as they skilfully transfer their income to funds or other financial arrangements abroad).

On the other hand, the data availability creates certain information and generic security risks. I explain what I mean:

Each tax record reveals your age (4 digits). Every Norwegian has a social security number (fød.nummer) of 11 digits in the form ddmmyynnnnn. Two of these digits are revealed. So, no big problem for brute force attacks, but still, there are other laws that prohibit the display of the year of birth without the permission of the individual.

The same goes for your postcode (and hence the full details of your house address).

Apart from the fact that many passwords are made by using the birth year and the address as combination, if I was a burglar and wanted to see which houses I could "visit", I have hit a goldmine!

Apart from privacy concerns and identity theft scenarios, who is the idiot that decided that my entire data should be online to everyone, without my permission? The Norwegian Data Protection authority is sleeping quite heavily at the moment. Somebody should wake them up!